A recent investigation by cybersecurity firm Kaspersky describes the tactics phishing scammers use to host their malicious activity on compromised websites without being detected.
The study, authored by security researchers Tatyana Machneva and Olga Svistunova, exposes the widespread strategy of going after abandoned or poorly maintained websites. These websites, often lacking up-to-date security patches, provide an easy entry point for hackers to embed malicious content, which can remain undetected for extended periods.
Kaspersky emphasizes that even active but smaller websites are not immune to such attacks: financial constraints and limited security expertise make them attractive targets.
The research underscores that, for phishing scams, a website's popularity matters less than its vulnerability. Scammers frequently share links to deceptive pages through email and instant messaging, so they focus on websites that are susceptible to compromise rather than on those with high online visibility.
The study reveals a disturbing trend: hackers are increasingly exploiting vulnerabilities in the widely used WordPress content management system, which powers 43.1% of all websites on the internet. The report highlights how hackers manipulate WordPress sites, capitalizing on their legitimacy to lower users’ defenses and circumvent domain take-downs, making them a convenient platform for phishing campaigns.
The study’s findings emphasize the critical need for enhanced security measures, particularly in the face of these sophisticated phishing tactics. Kaspersky’s report offers actionable insights for both website administrators and users, stressing the importance of maintaining strong, unique passwords, adopting multi-factor authentication, and regularly updating server software.
Vigilance is also key in identifying signs of phishing, such as unusual directory names in URLs and irrelevant content, allowing users to steer clear of potential scams. By shedding light on the techniques used by phishing scammers and providing practical recommendations, Kaspersky’s study plays a vital role in bolstering online security and safeguarding users from falling victim to these deceptive schemes.